Cyber hygiene: why it’s important to have good, ‘clean’ habits


If you’ve never heard of the term cyber hygiene, you could imagine that it had something to do with cleanliness or good habits.

When it comes to cybersecurity, hygiene refers not to keeping out dirt and grime, but rather the threats of ransomware, malware, viruses and online scams.

Sophisticated and expensive infosecurity software can play a part in safeguarding your networks, systems and data, but it is often not the whole answer.

In fact, if your organisation’s personnel do not practise good cyber hygiene, the thousands of dollars spent on software and other technical measures could end up going down the drain.

What is cyber hygiene?

Just like personal hygiene, cyber hygiene is a set of good basic practices to follow as we live, work and play in the online world. It typically governs the computers and electronic devices we use on a regular basis.

Lest there be gaps in these practices – you could forget to brush your teeth, for instance, if it was not a habit – they should be documented in policies and operationalised as daily habits and tasks. Once implemented, they should be part of the norm of your organisation’s culture.

Although many of these practices are common sense, many workers may see them as a chore, or an afterthought, and not practise them. Without cyber hygiene, you may not get a cavity or a toothache, but you could be giving bad actors a free pass into systems and sensitive data.

Checklists for DPOs to take first steps

Cyber hygiene must be practised by everyone in the organisation in order for it to be effective. Data protection officers (DPOs) have the responsibility of establishing these practices by helping to organise training for employees and championing a cybersecurity culture within the organisation.

The process may take time, but the impact of these habits cannot be overstated in this age of digitisation. The following checklists will help you check off how many good practices you have in place and which ones your organisation can consider implementing next.


• Make sure all software is up to date, and ensure that the latest security patches are installed

• Scan for viruses or malware with antivirus software, and enable firewalls

• Restrict mobile application permissions, delete mobile apps that you do not use

• Enable lock screens for mobile phones, laptops, and computers, when the devices are left unattended

• Change default passwords immediately, use strong passwords and update them regularly (Check out our guide on how to create strong passwords.)

• Ensure that mobile phones, laptops, and computers have passwords or PINs

• Back up your files, ensuring that sensitive documents are password-protected or encrypted

• Report cases of suspicious emails or messages to your company’s IT team (Read about the many types of phishing in order to avoid falling prey.)


• Do not use your work phone, work email, or other work devices and accounts for personal activities

• Do not access unsecured websites (secured sites start with https:// while unsecured sites start with http://)

• Do not use open, public networks, especially if you are submitting any sensitive information or passwords

• Do not download any email attachment if it looks suspicious, or if the sender is unknown

• Do not share passwords with colleagues, or otherwise expose them

Whether you are a small business or a large enterprise, ensuring that your employees develop these habits is the first step to keeping data secure.

Learn more about how to operationalise cybersecurity and data protection principles by attending our upcoming courses on Data Protection Risks, Information and Cyber Security EXIN Certification, and Data Protection Officer Course (Philippines).
